Free internet connection is attractive to almost everyone and many places offer this service for free. People who do not want to deal with it every time, who want to find and use hotspots easily, and who seek a chance to access networks around them, use hotspot discovery applications.
GDI Foundation member and security researcher Sanyam Jain states that an application that has been downloaded thousands of times does not protect the database properly, and data belonging to thousands of users can be downloaded in blocks.
While the developer of the app, believed to be based in China, did not make a statement, DigitalOcean removed the database from access in one day. The company that provides the hosting service of the application has taken the server offline.
Data stored in plain text in the application’s database included Wi-Fi network names, geolocations, BSSIDs, and network passwords.
Although the owner of the application says that only public networks will be used, the information also includes information about businesses or networks where there are no hotspots. Considering that the application opens networks to unauthorized access without permission from the network owner, this situation is quite dangerous.
It was stated that the name of the application is ‘WiFi Finder – connect to hotspot’.